1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
class backupninja::server {
$real_backupdir = $backupdir ? {
'' => "/backup",
default => $backupdir,
}
$real_usermanage = $usermanage ? {
'' => 'doit',
default => $usermanage
}
$real_backupserver_tag = $backupserver_tag ? {
'' => $fqdn,
default => $backupserver_tag
}
group { "backupninjas":
ensure => "present",
gid => 700
}
file { "$real_backupdir":
ensure => "directory",
mode => 0710, owner => root, group => "backupninjas"
}
User <<| tag == "backupninja-$real_backupserver_tag" |>>
File <<| tag == "backupninja-$real_backupserver_tag" |>>
# this define allows nodes to declare a remote backup sandbox, that have to
# get created on the server
define sandbox(
$user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true,
$ssh_dir = false, $authorized_keys_file = false, $backupkeys = false, $keytype = "rsa",
$uid = false, $gid = "backupninjas", $backuptag = false)
{
$real_user = $name ? {
false => $name,
default => $user,
'' => $name,
}
$real_host = $host ? {
false => $fqdn,
default => $host,
}
$real_backupkeys = $backupkeys ? {
false => "$fileserver/keys/backupkeys",
default => $backupkeys,
}
$real_dir = $dir ? {
false => "${backupninja::server::real_backupdir}/$fqdn",
default => $dir,
}
$real_ssh_dir = $ssh_dir ? {
false => "${real_dir}/.ssh",
default => $ssh_dir,
}
$real_authorized_keys_file = $authorized_keys_file ? {
false => "authorized_keys",
default => $authorized_keys_file,
}
$real_backuptag = $backuptag ? {
false => "backupninja-$real_host",
default => $backuptag,
}
@@file { "$real_dir":
ensure => directory,
mode => 0750, owner => $user, group => 0,
tag => "$real_backuptag",
}
case $installuser {
true: {
case $manage_ssh_dir {
true: {
@@file { "${real_ssh_dir}":
ensure => directory,
mode => 0700, owner => $user, group => 0,
require => File["$real_dir"],
tag => "$real_backuptag",
}
}
}
@@file { "${real_ssh_dir}/${real_authorized_keys_file}":
ensure => present,
mode => 0644, owner => 0, group => 0,
source => "$real_backupkeys/${user}_id_${keytype}.pub",
require => File["${real_ssh_dir}"],
tag => "$real_backuptag",
}
case $uid {
false: {
@@user { "$user":
ensure => "present",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
}
}
default: {
@@user { "$user":
ensure => "present",
uid => "$uid",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
}
}
}
}
}
}
}
|
